961622857fc2659ebd17076fb9427df7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

961622857fc2659ebd17076fb9427df7_JaffaCakes118
Size

165KB
MD5

961622857fc2659ebd17076fb9427df7
SHA1

da76ebc1ff9ddd6d9646251e7e9f5c9085ca0a35
SHA256

2189bbd4bd383313e0cbba9409abe03d4c952b86efda770c534ffde1908b0931
SHA512

649f588bc076586b1f06f6e385ab684d1add10b9b458155d6de086a6724ea1c15f4c60a93f6971e9c8473a40597d95ee7aa02f21f3457419a9cc90e3f37a354d
SSDEEP

3072:d4liJiUSSomz8NCEZKTuW6US5Dvt5KrtnKnSZD0TzFrkiRCMd:9JC7wcCYKAN3KPZ4TzFw4d

Score

1^/10

Malware Config

Signatures

Files

961622857fc2659ebd17076fb9427df7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

76e23237ac0198ed376af947741d695b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:c8:0a:6e:62:1a:78:39:46:6c:fa:b0:e5:e2:7d:68
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

22/08/2014, 00:00

Not After

20/10/2016, 23:59

Subject

CN=NetSarang Computer\, Inc,O=NetSarang Computer\, Inc,L=Gwangjin-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

56:23:a2:23:d6:70:ae:4a:41:0a:21:13:01:21:cb:d0:1c:1a:19:b0
Signer

Actual PE Digest

56:23:a2:23:d6:70:ae:4a:41:0a:21:13:01:21:cb:d0:1c:1a:19:b0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
CancelIo
ResetEvent
GetTickCount
FreeLibrary
HeapAlloc
CloseHandle
CreateThread
lstrcpyA
lstrcatA
GetModuleFileNameA
GetLastError
OpenMutexA
SetEvent
GetSystemInfo
SetErrorMode
CreateMutexA
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WaitForSingleObject
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetProcAddress
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
Sleep
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
GetModuleHandleW
ExitProcess
ExitThread
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
WriteFile
GetStdHandle
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

user32

wsprintfA

advapi32

OpenServiceA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

ws2_32

sendto
inet_addr
socket
gethostbyname
htons
htonl
select
recv
send
setsockopt
closesocket
WSAStartup
ntohl
inet_ntoa
ntohs
recvfrom
connect
getsockname

Exports

Exports

ughryh

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

SSS
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

JJJ
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

KKK
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76e23237ac0198ed376af947741d695b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

77:c8:0a:6e:62:1a:78:39:46:6c:fa:b0:e5:e2:7d:68Certificate

Extended Key Usages

Key Usages

56:23:a2:23:d6:70:ae:4a:41:0a:21:13:01:21:cb:d0:1c:1a:19:b0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

SSS Size: 1KB - Virtual size: 1KB

JJJ Size: 4KB - Virtual size: 3KB

KKK Size: 28KB - Virtual size: 27KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

77:c8:0a:6e:62:1a:78:39:46:6c:fa:b0:e5:e2:7d:68
Certificate

56:23:a2:23:d6:70:ae:4a:41:0a:21:13:01:21:cb:d0:1c:1a:19:b0
Signer

.text
Size: 93KB - Virtual size: 93KB

SSS
Size: 1KB - Virtual size: 1KB

JJJ
Size: 4KB - Virtual size: 3KB

KKK
Size: 28KB - Virtual size: 27KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB